  1. EJB 3.0
  2. EJBTHREE-189

@RunAs mangles getCallerPrincipal() result

Details

    • Bug
    • Resolution: Done
    • Critical
    • EJB 3.0 RC1
    • EJB 3.0 Beta 1
    • None
    • None

    Description

      When @RunAs is used, the Principal returned from SessionContext.getCallerPrincipal() is "anonymous". This is contrary to the EJB 2.1 spec, section 21.2.5.1 Use of getCallerPrincipal:

      "Note that getCallerPrincipal returns the principal that represents the caller of the
      enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any."

      On the next page of the spec is an example of how to use getCallerPrincipal() which will break in JBoss if you apply @RunAs to the EJB method.

      It looks like the problem is that SecurityAssociation.getCallerPrincipal() is simply a cut-and-paste of SecurityAssociation.getPrincipal().

      Attachments

        1. ejb3-189.jar.zip
          8 kB
        2. ejb3-189-src.zip
          6 kB
        3. updated-ejb3-198-src.zip
          5 kB
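
The distinction the report relies on, as an added example that is not part of the original issue and is not JBoss code: a simplified model of a container security context in which the caller and the run-as identity are tracked separately, with a name-keyed lookup of the kind the spec's example performs. All class and method names are hypothetical, and the run-as principal name "anonymous" is an assumption chosen to match the reported symptom.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;

/** Simplified model of a container security context. Not JBoss code; all names are hypothetical. */
public class RunAsCallerDemo {
    private static String caller;                                  // authenticated caller
    private static final Deque<String> runAs = new ArrayDeque<>(); // active run-as identities

    /** Identity the bean uses for its own outgoing calls: run-as if active, else the caller. */
    static String getPrincipal() {
        return runAs.isEmpty() ? caller : runAs.peek();
    }

    /** The defect as reported: a copy of getPrincipal(), so the run-as identity leaks into the result. */
    static String getCallerPrincipalBuggy() {
        return getPrincipal();
    }

    /** EJB 2.1 section 21.2.5.1 behaviour: the caller, regardless of any run-as identity. */
    static String getCallerPrincipalPerSpec() {
        return caller;
    }

    /** Constructed data: records keyed by the owning principal's name. */
    static final Map<String, String> RECORDS = Map.of("alice", "alice's record");

    /** Business logic that selects data by caller name. */
    static String lookup(String callerName) {
        String rec = RECORDS.get(callerName);
        return rec != null ? rec : "DENIED for principal '" + callerName + "'";
    }

    public static void main(String[] args) {
        caller = "alice";          // alice authenticates and invokes the bean
        runAs.push("anonymous");   // assumption: the run-as identity's principal name is "anonymous"
        try {
            System.out.println("buggy:    " + lookup(getCallerPrincipalBuggy()));
            System.out.println("per spec: " + lookup(getCallerPrincipalPerSpec()));
        } finally {
            runAs.pop();           // the run-as scope ends with the method invocation
        }
    }
}
```

Any access decision or audit record keyed on the caller's name is computed against the wrong identity while the buggy variant is in effect, which is why a regression test for this issue should assert on the principal name inside a @RunAs method.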

          People

            wdecoste1@redhat.com William Decoste (Inactive)
            lhoriman_jira Robert Dobbs (Inactive)